Last patch information

bigfix2anand · March 1, 2024, 11:24am

Hi

How do i find last patch information or not patched more than 60days endpoints for windows and Linux by web report or by using relevance?

Regards
AK

jgstew · March 1, 2024, 6:02pm

Do you mean session relevance? How are you going to use the results of the query and where are you going to run it?

If you do mean client relevance, you can do something like this: https://bigfix.me/relevance/details/3019839

there should be existing web reports for this, but you could also write a session relevance query to get it from web reports or console dashboard or REST API.

This is the session relevance that would get you just the potential list of items that could have relevant computers:

number of plain bes fixlets whose(exists source severity whose(it as trimmed string is contained by set of ( "Critical" ; "Important" )) of it AND source release date of it < (current date - 60 * day))

Then to get the actual applicable computer counts for each of them, and only return results if applicable > 0:

( applicable computer count of it, name of it) whose(item 0 of it > 0) of plain bes fixlets whose(exists source severity whose(it as trimmed string is contained by set of ("Critical";"Important")) of it AND source release date of it < (current date - 60 * day))

Then you could improve it even further by only reporting on computers that have reported into BigFix within the past 30 days:

unique values whose(it as string does not contain " (Superseded)") of items 1 of ( exists applicable computers whose(now - last report time of it < 30 * day) of it, name of it) whose(item 0 of it) of plain bes fixlets whose(exists source severity whose(it as trimmed string is contained by set of ("Critical";"Important")) of it AND source release date of it < (current date - 60 * day))

Then if you want to have it link to the actual fixlet from web reports / console, you could do this:

html concatenations "<br/>" of links whose(it as string does not contain " (Superseded)") of items 1 of ( exists applicable computers whose(now - last report time of it < 30 * day) of it, it) whose(item 0 of it) of plain bes fixlets whose(exists source severity whose(it as trimmed string is contained by set of ("Critical";"Important")) of it AND source release date of it < (current date - 60 * day))

You can find the set of possible source severities to report on with: (multiplicity of it, it) of unique values of (it as trimmed string) of source severities of bes fixlets

bigfix2anand · March 4, 2024, 10:48am

Hi

When i created new fixlets for below session relevance in BigFix console the endpoints are not available on the applicable computers list.
This means all endpoints have latest patch?

number of plain bes fixlets whose(exists source severity whose(it as trimmed string is contained by set of ( “Critical” ; “Important” )) of it AND source release date of it < (current date - 60 * day))

Regards
AK

jgstew · March 15, 2024, 7:56pm

not exactly

This session relevance doesn’t consider if a computer has it applicable or not, so it would return how many fixlets meet that criteria regardless. If it is returning 0 then I think something is wrong with the session relevance.